import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
+import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.database.GigiPreparedStatement;
import club.wpia.gigi.database.GigiResultSet;
+import club.wpia.gigi.dbObjects.Certificate;
import club.wpia.gigi.dbObjects.CertificateOwner;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.dbObjects.User;
}
}
- loginSession(req, user);
+ loginSession(req, user, false);
req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
return;
}
private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
BigInteger serial = extractSerialFormCert(x509Certificate);
+ Certificate c = Certificate.getBySerial(serial);
User user = fetchUserBySerial(serial);
if (user == null) {
return;
}
- loginSession(req, user);
+ if (c.getExpiryDate().before(new Date()) || c.getRevocationDate() != null || c.isLoginEnabled() == false) {
+ return;
+ }
+ loginSession(req, user, true);
req.getSession().setAttribute(CERT_SERIAL, serial);
req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN());
req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate"));
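Review bot: The new validity check in tryAuthWithCertificate dereferences `c` without a null test, since the only null guard after `Certificate.getBySerial(serial)` is the one on `user`. If that lookup can return null, or if `getExpiryDate()` can be null for a stored record (neither is visible here), the request ends in a NullPointerException rather than a clean refusal of the certificate login. I would fail closed by starting the condition with `c == null || c.getExpiryDate() == null ||`, and write the last term as `!c.isLoginEnabled()` rather than `== false`. Logging which of the three conditions rejected the certificate, together with the serial, would let operators spot attempts to use revoked or expired certificates. The method's closing brace lies outside this hunk, so the rest of the body was not reviewed.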
private static final Group LOGIN_BLOCKED = Group.BLOCKED_LOGIN;
- private void loginSession(HttpServletRequest req, User user) {
+ private void loginSession(HttpServletRequest req, User user, boolean isStronglyAuthenticated) {
if (user.isInGroup(LOGIN_BLOCKED)) {
return;
}
HttpSession hs = req.getSession();
hs.setAttribute(LOGGEDIN, true);
hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale());
- hs.setAttribute(AUTH_CONTEXT, new AuthorizationContext(user, user));
+ hs.setAttribute(AUTH_CONTEXT, new AuthorizationContext(user, user, isStronglyAuthenticated));
}
@Override